New products of the week 3.6.17
See larger image Image courtesy Certa New products of the week Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow. See larger image...
View ArticleHackerOne opens up bug bounties to open source
HackerOne is bringing bug hunting and software testing to open source developers to help make open source software more secure and safer to use. A lot of modern tools and technologies depend on open...
View ArticleBitbucket tightens security on private code
Atlassian recently added IP whitelisting and two-step verification to Bitbucket, its cloud-based version control system, to give administrators stronger controls on who can view, push, or clone a...
View ArticleWhy more Chief Strategy and Risk Officers need a seat at the security table
For years the evolving role of chief information security officers has increasingly required them to think more like a chief risk or strategy officer and anticipate cyber threats before they happen....
View Article【重大漏洞预警】Struts 2 远程代码执行漏洞(CVE-2017-5638)
【重大漏洞预警】Struts 2 远程代码执行漏洞(CVE-2017-5638) 2017-03-07 11:24:11 来源:apache.org 作者:安全客 阅读:2520次 点赞(0) 收藏 背景介绍 Struts2 的使用范围及其广泛,国内外均有大量厂商使用该框架。...
View Article西数MyCloud网络硬盘被曝有安全漏洞,可绕过验证直接读写文件 ...
西数MyCloud网络硬盘被曝有安全漏洞,可绕过验证直接读写文件 ... 49分钟前来源:超能网 如果你的西数MyCloud网络硬盘产品最近在使用上有出现问题的话,那我们建议你不妨先试试离线使用,看看有没有恢复正常,因为有多款西数MyCloud网络硬盘已经被证实存在安全漏洞,其中最严重的一个问题是可以绕过登录验证直接读写文件,换句话说西数MyCloud网络硬盘有被骇客攻击的危险。...
View Article中国公司成网络攻击新目标遭攻击次数两年暴增969%
中国公司成网络攻击新目标遭攻击次数两年暴增969% 一点号GDCA数安时代1小时前 php?url=0FnVgJd59D" alt="中国公司成网络攻击新目标遭攻击次数两年暴增969%" /> 腾讯科技讯据外媒报道,普华永道一项最新调查显示,针对中国公司的网络攻击频率最近两年开始疯狂飙升,其中能接收和发送数据的联网家居产品受到的攻击最为频繁。...
View Article谷歌SSRF漏洞解析:利用谷歌应用工具发现谷歌内部DNS信息
1月底,我发现谷歌应用套装G Suite网站 toolbox.googleapps.com 存在SSRF漏洞,通过该漏洞可以进一步查询谷歌内部DNS服务器,获取到谷歌公司内部IP地址、域名解析记录和各种服务器主机信息(如谷歌活动目录架构),更奇妙的是,在此过程中,我还发现了一台好像是Minecraft游戏的托管服务器.. . SSRF漏洞:SSRF(Server-Side Request...
View ArticleMost consumers not being turned on by connected home, study finds
Connected homes aren’t yet sparking interest beyondthe early adopter crowd, according to survey of nearly 10,000 consumersin the U.S., the U.K. and Australia conducted by Gartner. Across the polled...
View ArticleVerizon pushes the March Android security update to the Pixel
We’re into March which means Google is just about ready to release the March Android security patch.Verizon has leaked the goods a bit early, as the carrier has published the software update...
View Article英性诈骗团伙网络敲诈致4名青少年自杀
原标题:英性诈骗团伙网络敲诈致4名青少年自杀 php?url=0FnPTLZHvt" alt="英性诈骗团伙网络敲诈致4名青少年自杀" />【环球网综合报道】据英国《镜报》3月5日报道,近日,英国警方成功捣毁一起性诈骗案件,并将犯罪分子捉拿归案。该犯罪团伙频频利用网络进行性诈骗,每天至少有30名青少年遭到勒索。...
View Article多因素影响 移动网络诈骗比传统形式更复杂
【环球科技报道 记者 李文瑶】3月6日,中国信通院-阿里巴巴集团安全创新中心在京正式成立。据了解,中国信通院-阿里巴巴集团安全创新中心将聚焦于信息通信安全领域,双方合作开展国家与行业标准研制、产业发展研究、测试技术手段研发等工作;相关研究报告和白皮书的编制和发布;输出技术能力和创新成果,为社会提供服务。 php?url=0FnUZYhBbF" alt="多因素影响 移动网络诈骗比传统形式更复杂"...
View ArticleTrojan uses a key internet feature to receive marching orders
If malware uses a remote command-and-control server to function, it's relatively easy to cripple it by blocking the internet addresses it uses. It's not always that easy, however, and researchers at...
View Article不学奥斯卡黑《长城》,回味马特达蒙《谍影重重5》的技术亮点
在刚刚落幕的第89届奥斯卡颁奖典礼上,拜常年与马特达蒙相爱相杀的主持人鸡毛所赐,他调侃马特达蒙放弃出演获得最佳男主角的电影《海边的曼彻斯特》,放弃了小金人潜力股反而跑去中国拍《长城》,结果还赔了8000万美元。今天在这里不提《长城》究竟如何,其实马特达蒙去年还上映了另外一部有意思的电影,有着前作三部曲的良玉在前,上映前就引起多方关注,而电影中也存在着很多技术热点和与网络安全有关的话题,今天借着奥斯卡...
View ArticleWhat the Aporeto Trireme Project Means for the Security Community
With extensive experience in networking, security and cloud, our founding team here at Aporeto , the company behind Trireme , embarked on a journey to redefine application security with the help of...
View ArticleWhy automation is key for the future of cyber security
Cyber security is all about speed finding and dealing with a threat or vulnerability as quickly as possible. The damage that can be wrought in minutes, let alone days and weeks, could prove devastating...
View Article【重大漏洞预警】Struts 2 远程代码执行漏洞(CVE-2017-5638)(含PoC)
【重大漏洞预警】Struts 2 远程代码执行漏洞(CVE-2017-5638)(含PoC) 2017-03-07 11:24:11 来源:apache.org 作者:安全客 阅读:10007次 点赞(0) 收藏 背景介绍 Struts2 的使用范围及其广泛,国内外均有大量厂商使用该框架。...
View Article两会财经观察第三期:马化腾说用技术手段保网络安全
两会财经观察第三期:马化腾说用技术手段保网络安全 2小时前来源:21世纪经济报道 php?url=0FnfY1L7cv" alt="两会财经观察第三期:马化腾说用技术手段保网络安全" />3月3日晚,全国人大代表、腾讯董事会主席马化腾在北京召开了记者发布会,发布会上,他着重提出了七个议题,其中就有所有“网虫”都非常关注的一件事――网络安全。 互联网的风险是因为技术不到位...
View Article